How Password Alternatives Can Help Keep Your Company's Information Safe

Passwords are everywhere. From corporate network permissions to e-commerce logins and smartphone access, staff are familiar with standard password practice: Create strings of letters, numbers and special characters that are too hard to easily remember but simple enough that they don’t get written down on Post-it notes. They must deter hackers without impacting productivity, act as a bastion of security without compromising speed — oh, and must be changed every few months.

No surprise, then, that passwords aren’t working as intended: Users are making poor choices even as hackers leverage virtually unprotected accounts to gain network access. What’s the solution for companies stuck in password purgatory? Here’s a look at five password alternatives.

Double Trouble

Why are passwords so problematic? Two reasons: Poor choices and prolific re-use. In 2017, the top two most popular passwords remained unchanged — “123456” and “Password.” Both meet minimal password guidelines, and both are terrible. Introducing a requirement for more characters or at least one letter and number in every password only slightly improves the situation with “123456789” and “passw0rd” also sneaking into the top 20 passwords.

Making matters worse is the continual demand for passwords across both corporate and commercial services. Rather than create multiple unique passwords that are easily forgotten and could lead to massive user frustration, staff typically re-use login credentials across corporate networks, social media sites, mobile banking platforms and personal devices.

Factor Up – Two Factor Authentication Process

Despite efforts by tech giants such as Google, passwords aren’t going away anytime soon. Yet this doesn’t preclude companies from improving on current user authentication methods. The easiest way to start is with two-factor authentication. This still requires users to provide their login name and password but demands the addition of a second authentication “factor” — such as a one-time SMS code or the use of company-issued USB keys. The idea here is combining something users know (their password) with something they have. In turn, reducing the chance of accidental compromise. Benefits? This method is simple, safe and works well — especially when combined with SMS messages sent to user smartphones, since these devices typically require passcodes or fingerprints to gain access.

Go Bio

Speaking of fingerprints, another access option is adding multifactor authentication (MFA) in the form of biometric technology. The simplest version here is fingerprints, already used commonly in smartphones and minimally invasive for users. Other options currently in development include iris scanning and vein-pattern identification of users’ hands. While both are effective, they’re currently expensive to implement. Regardless of MFA budget and implementation choice, however, companies need clear staff communication about the collection, use and storage of personal biometric data.

Curtail Cloud Access

Instead of looking for ways to empower access, there’s a case here for reducing total permissions. This is especially critical in the cloud — restricting access to resource-intensive, public-facing services may frustrate some employees but can significantly improve security. Simply put? If staff don’t need cloud access for day-to-day tasks, don’t provide it on principle.

Implement Two-A Approval

Solid authentication is the first step to better security, but it’s also essential to implement strong authorization protocols. What does this mean? Consider corporate users with valid login credentials and one-time passwords accessing the network. They’ve been authenticated, but what happens when they try to access critical network files they’re not authorized to view? Organizations must develop robust policy and implement privileged account security tools to ensure only authenticated and authorized users gain access.

BYOA - Bring Your Own App

If you’re looking to ditch passwords altogether, consider building a custom app that streamlines user access to company resources. Since you control which devices and users can access the application, you’re able to better regulate employee actions and easily track users. The caveat? It’s not cheap and requires regular upkeep but is an effective way to supplant passwords without disrupting employee workflows.